Frances McLeod: We need to audit culture change too

Culture is often thought of as a soft issue because companies struggle to measure its effectiveness. But culture and compliance are linked.

In an FCPA context, for example, compliance failures frequently flow from the erosion of ethical behavior and robust corporate governance.

So why isn’t culture reviewed with the same principles and rigor that are used to test other aspects of compliance programs?

Some companies believe one-time employee survey asking about cultural perceptions is sufficient. These surveys are typically done when new leadership is appointed, or immediately after an issue has arisen. And they only provide one data point at one point in time.

So how do we measure culture? The methodology should utilize multiple tools over various points in time.

For example:

Employee Surveys: Anonymous surveys are an effective way to measure company culture. Done correctly, companies can gain important insight into employee perspective, beliefs, and even practices when it comes to behavior driven by culture. However,questions need to be phrased in a way that they’ll produce the most accurate responses. Leading questions tend to influence the reader to choose the “right” answer, rather than an honest answer, therefore creating bias.

Surveys — conducted periodically or after changes or enhancements to compliance programs — can ask the same questions rephrased differently. This allows companies to compare results for consistency around the topic and continuous monitoring and testing of culture.

In-Person Feedback: Employee focus groups can add a valuable data point of culture measurement. Employees to provide their perspective, beliefs, and concerns around ethical behavior. In this setting, anonymity is unavailable. So the environment for groups of peers needs to help them feel comfortable so they’ll provide honest answers. Groups that consist of different role levels and competencies will provide a broader view on beliefs and perceptions.

For focus groups, relatively short notice periods to participants helps avoid prepared feedback, especially in more hierarchical or societies the pressure to give the “right” answers can compromise the data gathered. Developing topics for discussion that elicit these types of assurances is crucial to receive honest responses.

Assessing Your Leaders: Replacing leaders within a company that has undergone an FCPA enforcement action is often seen as a remediation effort. But what assurances are there that new leaders will convey the right messaging and change the compliance culture?

Companies seeking to remediate compliance issues should develop an assessment tool to better understand leadership’s values with respect to compliance and ethics. In addition, the assessment tool should weigh the desired values and styles and compare and measure them versus commercial interests, including profitability, time and resource constraints and business development. This assessment should be outsourced to an independent expert who specializes in behavior and leadership values analysis.

Find out what others think of you: Clients and key business partners such as banks avoid companies known for unethical behavior. Although this might be a problem of guilt by association, most organizations are anxious to protect their own reputations. That’s why it’s important to gauge public perception about your ethical culture and how you work with clients. Ways to measure this include simple media searches, client surveys, and even focus groups, depending on your type of organization.

_____

Frances McLeod, pictured above, is a founding partner of FRA and head of its U.S. offices. FRA provides multi-jurisdictional expertise in financial and electronic forensics to help companies manage risks.She holds a Master’s degree from Wadham College, Oxford and speaks English, German, French, and Mandarin Chinese.

Share this post

1 Comment

Frances' point on the need to audit culture is spot on. There is no doubt that culture is directly linked to compliance, along to every other risk area (many regulators have spoken to this with some having issued guidance). Too many firms still believe that simply having robust policies and procedures is sufficient to mitigate compliance risk. Without periodic validation, policies and procedures are wallpaper – they look good but……..

As a former CCO and Global Compliance Audit Executive, I can confirm that if boards and executives are not requiring their audit departments to test culture, they are missing ensuring "the" key pillar of their overall control environment is sound.

Legal

Quick Links

About

We set out in 2007 to bring our readers free and unrestricted coverage of all Foreign Corrupt Practices Act enforcement actions — the first to do that in real-time.

Since then we’ve published more than 7,500 posts by 600 different authors.

Our mission is to help compliance professionals and others everywhere understand how corruption happens, what it does to people and institutions, and how anti-corruption laws and compliance programs work.